*=============================================================|
| Exploit Title: ResponsiveFilemanager Cross Site Scripting
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor Homepage: http://www.responsivefilemanager.com/
|
| Download Link : https://github.com/trippo/ResponsiveFilemanager/archive/master.zip
|
| Version : v9.11.0
|
| Tested on: Kali Linux
|
| Date: 1 /10 / 2017
*=============================================================|
| Exploit Code:
|
|     ResponsiveFilemanager Cross Site Scripting
|
|     &popup=0&relative_url=0&type=0"/>
|
*=======================|
|How to fix this vulnerability :
|
|You should first try to filter all input variables. After that, use the echo command in the script :)
|
*=======================|
|Vulnerable code :
|
|     " />
|     " />
|     " />
|     " />
|
*=============================================================|
| Special Thanks To : Ehsan Cod3r - micle - Und3rgr0und - Amir.ght -
| xenotix - modiret - V For Vendetta - Alireza - r4ouf - Spoofer -
| And All Of My Friends - The Last One : My Self, M.R.S.L.Y
*=============================================================|

From: Packet Storm
To: "Nc Kha!"
Sent: Wednesday, 11 January 2017, 6:40:19
Subject: Re: ResponsiveFilemanager Cross Site Scripting

Why does one part say Benson Bank CMS and another ResponsiveFileManager?

On Tue, Jan 10, 2017 at 02:52:42PM +0000, "Nc Kha!" wrote:
> *=============================================================|
> | Exploit Title: ResponsiveFilemanager Cross Site Scripting
> |
> | Exploit Author: Ashiyane Digital Security Team
> |
> | Vendor Homepage: http://www.responsivefilemanager.com/
> |
> | Download Link : https://github.com/trippo/ResponsiveFilemanager/archive/master.zip
> |
> | Version : v9.11.0
> |
> | Tested on: Kali Linux
> |
> | Date: 1 /10 / 2017
> *=============================================================|
> | Exploit Code:
> |
> |     Benson Bank CMS v 5.5 - 2015.09.09 Cross Site Scripting
> |
> |     &popup=0&relative_url=0&type=0"/>
> |
> *=======================|
> |How to fix this vulnerability :
> |
> |You should first try to filter all input variables. After that, use the echo command in the script :)
> |
> *=======================|
> |Vulnerable code :
> |
> |     " />
> |     " />
> |     " />
> |     " />
> |
> *=============================================================|
> | Special Thanks To : Ehsan Cod3r - micle - Und3rgr0und - Amir.ght -
> | xenotix - modiret - V For Vendetta - Alireza - r4ouf - Spoofer -
> | And All Of My Friends - The Last One : My Self, M.R.S.L.Y
> *=============================================================|